recommended reading

Is State Surveillance a Legitimate Defense of Our Freedoms?

Former CIA and NSA director Michael Hayden

Former CIA and NSA director Michael Hayden // Luis M. Alvarez/AP File Photo

Is state surveillance a legitimate defense of our freedoms? The question was put to Michael Hayden, former director of the NSA and the CIA, during a debate Friday evening in Toronto. Alan Dershowitz joined him to argue the affirmative. Glenn Greenwald and Reddit co-founder Alexis Ohanian argued against the resolution.

Going in, I expected to disagree with Hayden, who presided over the NSA's illegal program of warrantless wiretapping in the years after the September 11 attacks. But I want to emphatically agree with the very first remarks he made in the debate.

"State surveillance is a legitimate defense of our freedoms," he said, restating the resolution. "Well, we all know the answer to that. It depends. And it depends on facts."

He quickly clarified:

It depends on the totality of circumstances in which we find ourselves. What kind of surveillance? For what kind of purposes? In what kind of state of danger?

And that's why facts matter.

In having this debate, in trying to decide whether this surveillance is a legitimate defense of our freedoms, we really need to know exactly what this surveillance is.

Hayden was trying to defend the NSA with those remarks. He argued that facts matter, and that the Washington Post got some facts wrong when reporting on slides leaked by Edward Snowden, making the NSA look more aggressive than is the case. But in doing so, he unwittingly echoed a core belief of the national-security state's critics. He's absolutely right: To judge whether a particular kind of surveillance is legitimate, one must know exactly what's being considered and its purpose.

Yet the NSA hid many types of surveillance from the American people. In fact, many members of Congress were unaware of exactly what was being done and why. By Hayden's own logic, neither American citizens nor those members of Congress could meaningfully decide whether the NSA's activities were legitimate! I've made the same claim repeatedly. The difference is that I find it alarming and he doesn't. It's that anti-democratic mindset I've warned about before.

* * *

What follows is my transcription of Hayden's whole opening statement, should anyone want to read, endorse, or rebut it. Video of the whole debate is here.

State surveillance is a legitimate defense of our freedoms—well, we all know the answer to that. It depends. And it depends on facts. It depends on the totality of circumstances in which we find ourselves. What kind of surveillance? For what kind of purposes? In what kind of state of danger? And that's why facts matter. In having this debate, in trying to decide whether this surveillance is a legitimate defense of our freedoms, we really need to know exactly what this surveillance is. And I freely admit, that's hard, okay?

This stuff has been pushed out into the public domain, and you've had a chance to look at it. And sometimes it's been pushed out there in a way that, well, let me be kind, it's not clear. And other times it's been put out in a way that's just wrong.

Let me give you an example. And by the way, no one has to have ill intent to make it wrong. This is actually really complicated stuff. There was one slide that was pushed out into the public domain over a program called Boundless Informant. If I were actually thinking of names that would eventually become public that's probably not one I would pick, okay? But what it was was a heat map of the world and it showed metadata events that NSA in one way or another acquired in different parts of the world. It clicked off tens of millions of metadata events that the NSA was getting according to the map from France and Spain and Norway. And so immediately the story was, "Hey, these guys are ripping off the phone bills of a whole bunch of Europeans." The reality of the story was that the French, Spanish, and Norwegian services were providing NSA metadata that their services had collected, not in their own countries, but in internationally recognized theaters of armed conflict. It was a team ball effort, but it got rolled out as very aggressive collection on the part of NSA.

So it's hard. It's complicated. Sometimes though this stuff just gets rushed to the darkest corner of the room. All ties go to the most ominous description of what's happening. And sometimes it doesn't even have to be a tie, it just goes to the most ominous description.

Something called the Prism program, that's the NSA having access through Google, Microsoft, and Yahoo to materials on their servers, in the United States, materials affiliated with a legitimate intelligence target. That got shoved out the door that NSA is free-ranging on the servers of Google and Microsoft and Yahoo, that it just was an uncontrolled NSA exploration of this data. That's just not wrong. [Ed. note: I presume he meant to say, "That's just wrong."] Now that story was pushed out, the Washington Postis one of the places that pushed that out, they corrected it on their web site over several days without notifying people that the article had been changed.

But let's skip all that.

Let's just all assume that we can get to the hard truth, that we can actually boil this down to what CSEC is doing here and NSA is doing across the lake and GCHQ is doing in Great Britain and ASD is doing in Australia. Even then you've got a problem. Because even then you're walking into a movie theater late in the third reel, and you're looking at a scene, a snapshot of the third reel and you're saying, "Aha, the butler did it!"

Actually, you need to go back and look at the whole movie. You need to see what went on before. Because if you know what went on before you may have a different interpretation of what you think the butler is guilty of. There are three or four things that happen that NSA and all these organizations have tried to solve. Enormous volume. How do you conduct signals intelligence to keep you safe in a tsunami of global communications? Well, the answer to that is bulk collection of metadata. Another issue that's out there prominently is NSA is mucking about in those global telecommunication grids that have your emails. No one complained when NSA was doing Soviet strategic microwave rocket signals. Well, the equivalent of those Soviet microwave signals are proliferator, terrorist, narco-trafficker, money-launderer emails, coexisting with yours and mine, out there in Gmail.

And if you want NSA to continue to do what it was doing, or CSEC to continue to do what it's doing, what it had been doing to keep you safe, it's got to be in the stream where your data is.

There's a couple other things too. After 9/11, the enemy was inside my country. That's the 215 program, metadata. Who might be affiliated with terrorists inside the United States? And finally, when the enemy wasn't in my country his communications were. It's an accident of history, but it's a fact, most emails reside on servers in the United States. They should not deserve constitutional protection if the email's from a bad man in Pakistan communicating to a bad man in Yemen. And the Prism program is what allowed us to get those emails to keep everyone safe. There's a lot more to talk about but you're going to start clapping in about nine seconds. So I'm going to go back to the podium.

Thank you.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.